64.225.114.217 · cobalt-strike-beacon.exe

/demo/av-test/

United States · DIGITALOCEAN-ASN

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

Download archived sample

The password is "infected"

share.dcal.me · ElasticsearchEngineer-8.1.0_jp.zip

/elastic/

France · Orange

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

share.dcal.me · ElasticsearchEngineer-8.1.0_jp.zip

/elastic/

France · Orange

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

share.dcal.me · ela.zip

/

France · Orange

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

share.dcal.me · ela.zip

/

France · Orange

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

db.sector404.me · cobaltstrike_release.zip

/

United States · STEADFAST

Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth

Yara CobaltStrike_Resources_Artifact32_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Artifact64_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_Sct_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x64_Ps1_v3_0_to_v4_x_excluding_3_12_3_13 From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x86 From Florian Roth by Avast Threat Intel Team

Yara Msfpayloads_msf_6 From Florian Roth by Florian Roth (Nextron Systems)

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Covertvpn_Dll_v2_1_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x86_Vba_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

Yara CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_dns_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Template_Py_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_smb_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources__Template_Vbs_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x64 From Florian Roth by Avast Threat Intel Team

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.db.sector404.me · cobaltstrike_release.zip

/

United States · STEADFAST

Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth

Yara CobaltStrike_Resources_Artifact32_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Artifact64_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_Sct_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x64_Ps1_v3_0_to_v4_x_excluding_3_12_3_13 From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x86 From Florian Roth by Avast Threat Intel Team

Yara Msfpayloads_msf_6 From Florian Roth by Florian Roth (Nextron Systems)

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Covertvpn_Dll_v2_1_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x86_Vba_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

Yara CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_dns_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Template_Py_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_smb_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources__Template_Vbs_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x64 From Florian Roth by Avast Threat Intel Team

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

www.db.sector404.me · cobaltstrike_release.zip

/

United States · STEADFAST

Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth

Yara CobaltStrike_Resources_Artifact32_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Artifact64_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_Sct_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x64_Ps1_v3_0_to_v4_x_excluding_3_12_3_13 From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x86 From Florian Roth by Avast Threat Intel Team

Yara Msfpayloads_msf_6 From Florian Roth by Florian Roth (Nextron Systems)

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Covertvpn_Dll_v2_1_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x86_Vba_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

Yara CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_dns_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Template_Py_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_smb_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources__Template_Vbs_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x64 From Florian Roth by Avast Threat Intel Team

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_NoPowerShell From Florian Roth by Florian Roth (Nextron Systems)

Yara INDICATOR_EXE_Packed_Dotfuscator From AlienVault by ditekSHen

Yara ReflectiveLoader From Florian Roth by Florian Roth (Nextron Systems)

Yara CobaltStrike_Resources_Elevate_X64_Dll_v3_0_to_v3_14_and_Sleeve_Elevate_X64_Dll_v4_x From Florian Roth by gssincla@google.com

Yara INDICATOR_EXE_Packed_Fody From AlienVault by ditekSHen

Yara ps1_toolkit_PowerUp From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)

Yara Invoke_mimikittenz From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)

Yara HackTool_MSIL_SAFETYKATZ_4 From Florian Roth by FireEye

Yara HackTool_MSIL_SEATBELT_1 From Florian Roth by FireEye

Yara Disable_Defender From AbuseCH by iam-py-test

Yara WiltedTulip_WindowsTask From Florian Roth by Florian Roth (Nextron Systems)

Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"

db.sector404.me · cobaltstrike_release.zip

/

United States · STEADFAST

Yara Mimikatz_Memory_Rule_1 From Florian Roth by Florian Roth

Yara CobaltStrike_Resources_Artifact32_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Artifact64_v3_14_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_Sct_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x64_Ps1_v3_0_to_v4_x_excluding_3_12_3_13 From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Reverse_x86 From Florian Roth by Avast Threat Intel Team

Yara Msfpayloads_msf_6 From Florian Roth by Florian Roth (Nextron Systems)

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Covertvpn_Dll_v2_1_to_v4_x From Florian Roth by gssincla@google.com

Yara CobaltStrike_Resources_Template_x86_Vba_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara HKTL_CobaltStrike_Beacon_Strings From Florian Roth by Elastic

Yara CobaltStrike_Resources_Command_Ps1_v2_5_to_v3_7_and_Resources_Compress_Ps1_v3_8_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x64 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_dns_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources_Template_Py_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_http_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_https_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara Cobaltbaltstrike_RAW_Payload_smb_stager_x86 From Florian Roth by Avast Threat Intel Team

Yara CobaltStrike_Resources__Template_Vbs_v3_3_to_v4_x From Florian Roth by gssincla@google.com

Yara Cobaltbaltstrike_RAW_Payload_TCP_Bind_x64 From Florian Roth by Avast Threat Intel Team

Yara SUSP_PowerShell_IEX_Download_Combo From Florian Roth by Florian Roth (Nextron Systems)

Yara HKTL_NoPowerShell From Florian Roth by Florian Roth (Nextron Systems)

Yara INDICATOR_EXE_Packed_Dotfuscator From AlienVault by ditekSHen

Yara ReflectiveLoader From Florian Roth by Florian Roth (Nextron Systems)

Yara CobaltStrike_Resources_Elevate_X64_Dll_v3_0_to_v3_14_and_Sleeve_Elevate_X64_Dll_v4_x From Florian Roth by gssincla@google.com

Yara INDICATOR_EXE_Packed_Fody From AlienVault by ditekSHen

Yara ps1_toolkit_PowerUp From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_PowerShell_Framework_Gen4 From Florian Roth by Florian Roth (Nextron Systems)

Yara Base64_encoded_Executable From Florian Roth by Florian Roth (Nextron Systems)

Yara Invoke_mimikittenz From Florian Roth by Florian Roth (Nextron Systems)

Yara Empire_KeePassConfig From Florian Roth by Florian Roth (Nextron Systems)

Yara HackTool_MSIL_SAFETYKATZ_4 From Florian Roth by FireEye

Yara HackTool_MSIL_SEATBELT_1 From Florian Roth by FireEye

Yara Disable_Defender From AbuseCH by iam-py-test

Yara WiltedTulip_WindowsTask From Florian Roth by Florian Roth (Nextron Systems)

Yara NTLM_Dump_Output From Florian Roth by Florian Roth (Nextron Systems)

Download archived sample

The password is "infected"